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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MO NTH (S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1704(b). 

Status 

1 )M Responsive to communication(s) filed on 28 January 2002 . 
2a)D This action is FINAL. 2b)E3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) M Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) M Claim(s) UiO is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) K The drawing(s) filed on 28 January 2002 is/are: a)K accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. _. 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 

Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

2. Claims 1-30 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Asay et al, U.S. Patent 5,903,882. 

As per claim 1 , Asay et al teaches of a method, comprising requesting, by 
a subscriber (delegate) with a delegation from a certificate authority (delegator), 
a service from a relying party requesting, by the relying party based on the 
service requested and the delegation, certificate (credential) information from a 
reliance server (delegate credential service provider), sending, by the reliance 
server (delegate credential service provider), the certificate (credential) 
information to the relying party, generating, by the relying party, a service 
response according to the certificate (credential) information received from the 
reliance server (delegate credential service provider), and sending the service 
response to the subscriber (delegate)(col. 4, lines 28-38 and col. 5, lines 1-28). 
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As per claim 2, Asay et al discloses that certificate (credential) information 
contains certificate (credential) information about the certificate authority 
(delegator)(col. 11, lines 15-31). 

As per claim 3, it is taught by Asay et al that the requesting delegated 
credential comprises generating a certificate (credential) information request 
based on the service requested and the delegation, sending the certificate 
(credential) information request to the subscriber (delegate) for an approval that 
authorizes the certificate (credential) information request, receiving the approval 
from the subscriber (delegate), and sending the approved delegated credential 
request to the reliance server (delegate credential service provider)(col . 3, lines 
5-18; col. 4, lines 28-38; and col. 5, lines 1-6). 

As per claim 4, it is disclosed by Asay et al of sending the certificate 
(credential) information request to the subscriber (delegate) includes sending a 
request for information related to an appropriate delegation, and receiving the 
approval from the subscriber (delegate) includes receiving the information related 
to an appropriate delegation (col. 3, lines 5-18 and col. 20, lines 1 1-23). 

As per claim 5, Asay et al teaches of sending the certificate (credential) 
information comprises verifying the delegation registered by the subscriber 
(delegate) and certificate authority (delegator), retrieving certificate (credential) 
information associated with the delegation, and forwarding the retrieved 
certificate (credential) information to the relying party (col. 5, lines 1-28). 
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As per claim 6, the teachings of Asay et al recite of subscribing, by the 
subscriber (delegate) and the certificate authority (delegator), a digital credential 
service from a reliance server (credential service provider)(col. 5, lines 1-28). 

As per claim 7, Asay et al discloses of registering, by the certificate 
authority (delegator), the conditions under which pieces of the certificate 
(credential) information can be released to relying parties (col. 7, lines 59-67). 

As per claim 8, Asay et al teaches of a method for a relying party, 
comprising receiving, from a subscriber (delegate), a request for a service, 
sending certificate (credential) information request to a reliance server (delegate 
credential service provider), receiving requested certificate (credential) 
information from the reliance server (delegate credential service provider), 
verifying the certificate (credential) information, generating a service response 
based on the results from the verifying and the request for the service, and 
sending the service response to the subscriber (delegate)(col. 4, lines 28-38 and 
col. 5, lines 1-28). 

As per claim 9, it is disclosed by Asay et al of sending the certificate 
(credential) information request comprises determining the certificate (credential) 
information required for the services requested, generating the certificate 
(credential) information request based on the certificate (credential) required, 
sending the certificate (credential) information request to the subscriber 
(delegate) to obtain an approval, receiving the approval from the subscriber 
(delegate), and sending the certificate (credential) information request to the 
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reliance server (delegate credential service provider)( col. 3, lines 5-18; col. 4, 
lines 28-38; and col. 5, lines 1-6). 

As per claim 10, Asay et al discloses determining, using the certificate 
(credential) required, an appropriate delegation based on which the certificate 
(credential) information request is constructed (col. 5, lines 1-28). 

As per claim 1 1 , Asay et al teaches of determining the appropriate 
delegation includes one of obtaining the appropriate delegation specified in the 
request for service sent by the subscriber (delegate), selecting the appropriate 
delegation by the subscriber (delegate) upon receiving the certificate (credential) 
information request, and verifying the appropriate delegation by the reliance 
server (delegate credential service provider)(col. 5, lines 1-28). 

As per claim 12, Asay et al discloses of a method for a reliance server 
(delegate credential service provider), comprising receiving a service request, 
determining the service type based on the service request, registering, if the 
service type is for subscribing a digital credential service, a user's certificate 
(credential) information for requested digital credential service, registering, if the 
service type is for delegation service, a delegation between a certificate authority 
(delegator) and a subscriber (delegate), the delegation including delegation 
terms, changing, if the service type is for updating an existing delegation, the 
terms of an existing delegation, and providing, if the service request is a 
credential information request from a relying party for certificate (credential) 
information required for a service requested by a subscriber (delegate), 
certificate (credential) information (col. 4, lines 28-38 and col. 5, lines 1-28). 
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As per claim 1 3, the teachings of Asay et al disclose that wherein said 
changing the terms of a delegation comprises receiving, from a user, revised 
delegation terms, and updating the terms of the existing delegation using the 
revised delegation terms (col. 21, lines 55-67). 

As per claim 14, Asay et al discloses that wherein said providing 
delegated credential comprises retrieving the requested delegated credential, 
and sending the retrieved delegated credential to the relying party (col. 5, lines 1- 
28). 

As per claim 15, Asay et al teaches of registering by the delegator the 
conditions under which pieces of the certificate (credential) information can be 
released to relying parties, and determining, prior to the retrieving, a delegation, 
between the subscriber (delegate), who requests the service from the relying 
party, and a certificate authority (delegator), wherein the digital credential 
information of the certificate authority (delegator) corresponds to the delegated 
credential required for the service requested by the subscriber (delegate)(col. 5, 
lines 1-28). 

As per claim 16, Asay et al discloses of a system for a relying party, 
comprising a service request processing mechanism for processing a service 
request for a service from a user, a credential information request mechanism for 
obtaining required certificate (credential) information that is necessary for the 
service from a reliance server (delegation credential service provider), and a 
service response generation mechanism for generating a service response 
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based on the service request and the required certificate (credential) information 
(col. 4, lines 28-38 and col. 5, lines 1-28). 

As per claim 17, it is taught by Asay et al of a credential determiner for 
determining, prior to obtaining certificate (credential) information, required 
credential information necessary for the service requested by the user, and a 
credential verification mechanism for verifying the required certificate (credential) 
information obtained from the reliance server (delegation credential service 
provider) before the service response is generated (col. 3, lines 5-18; col. 4, lines 
28-38; and col. 5, lines 1-6). 

As per claim 18, it is disclosed by Asay et al of a machine-accessible 
medium encoded with data, the data, when accessed, causing requesting, by a 
subscriber (delegate) with a delegation from a certificate authority (delegator), a 
service from a relying party, requesting, by the relying party based on the service 
requested and the delegation, certificate (credential) information from the 
reliance server (delegate credential service provider), sending, by the reliance 
server (delegate credential service provider), the certificate (credential) 
information to the relying party, generating, by the relying party, a service 
response according to the certificate (credential) information, received from the 
reliance server (delegate credential service provider), and sending the service 
response to the subscriber (delegate)(col. 4, lines 28-38 and col. 5, lines 1-28). 

As per claim 19, Asay et al teaches that the requesting delegated 
credential comprises generating certificate (credential) information request based 
on the service requested and the delegation, sending the certificate (credential) 
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information request to the delegate for an approval that authorizes the certificate 
(credential) information request, receiving the approval from the subscriber 
(delegate), and sending an approved certificate (credential) information request 
to the reliance server (subscriber credential service provider)(col. 3, lines 5-18; 
col. 4, lines 28-38; and col. 5, lines 1-6). 

As per claim 20, Asay et al discloses of sending the certificate (credential) 
information request to the subscriber (delegate) includes sending a request for 
information related to an appropriate delegation, and receiving the approval from 
the subscriber (delegate) includes receiving the information related to an 
appropriate delegation (col. 3, lines 5-18 and col. 20, lines 11-23). 

As per claim 21 , it is taught by Asay et al of sending the certificate 
(credential) information comprises verifying the delegation registered by the 
subscriber (delegate) and certificate authority (delegator), retrieving certificate 
(credential) information associated with the delegation, and forwarding the 
retrieved certificate (credential) information to the relying party (col. 5, lines 1-28). 

As per claims 22, Asay et al discloses of the data, when accessed, further 
causing subscribing, by the subscriber (delegate) and the certificate authority 
(delegator), a digital credential service from a credential service provider (col. 5, 
lines 1-28). 

As per claim 23, Asay et al teaches of a machine-accessible medium 
encoded with data related to a relying party, the data, when accessed, causing 
receiving from a subscriber (delegate), a request for a service sending certificate 
(credential) information request to a reliance server (delegate credential service 
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provider), receiving the requested certificate (credential) information from the 
reliance server (delegate credential service provider), verifying the certificate 
(credential) information, generating a service response based on the results from 
the verifying and the request for the service; and sending the service response to 
the subscriber (delegate)(col. 4, lines 28-38 and col. 5, lines 1-28). 

As per claim 24, the teachings of Asay disclose of sending the certificate 
(credential) information request comprises determining the certificate (credential) 
required for the services requested, generating the certificate (credential) 
information request based on the certificate (credential) required, sending the 
certificate (credential) information request to the subscriber (delegate) to obtain 
an approval, receiving the approval from the subscriber (delegate), and sending 
the certificate (credential) information request to the reliance server (delegate 
credential service provider)(col. 3, lines 5-18; col. 4, lines 28-38; and col. 5, lines 
1-6). 

As per claim 25, it is disclosed by Asay et al that the data, when accessed, 
further causing determining, using the certificate (credential) required, an 
appropriate delegation based on which the certificate (credential) information 
request is constructed (col. 5, lines 1 -28). 

As per claim 26, Asay et al teaches of determining the appropriate 
delegation includes one of obtaining the appropriate delegation specified in the 
request for service sent by the subscriber (delegate), selecting the appropriate 
delegation by the subscriber (delegate) upon receiving the certificate (credential) 
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information request for approval, and verifying the appropriate delegation by the 
reliance server (delegate credential service provider)(col. 5, lines 1-28). 

As per claim 27, it is disclosed by Asay et al of a machine-accessible 
medium encoded with data, related to a reliance server (delegate credential 
service provider), the data, when accessed, causing receiving a service request, 
determining the service type based on the service request, registering, if the 
service type is for subscribing a digital credential service, a user's certificate 
(credential) information for requested digital credential service, registering, if the 
service type is for delegation service, a delegation between a certificate authority 
(delegator) and a subscriber (delegate), the delegation including delegation 
terms, changing, if the service type is for updating an existing delegation, the 
terms of an existing delegation, and providing, if the service request is certificate 
(credential) information request from a relying party for digital credential 
information required for a service requested by a delegate, required certificate 
(credential) information (col. 4, lines 28-38 and col. 5, lines 1-28). 

As per claim 28, Asay et al teaches of updating a delegation comprises 
receiving, from a user, revised delegation terms, and updating the terms of the 
existing delegation using the revised delegation terms (col. 21, lines 55-67). 

As per claim 29, the teachings of Asay et al recite of providing delegate 
credential information comprises retrieving the required delegated credential, and 
sending the retrieved certificate (credential) information to the relying party (col. 
5, lines 1-28). 
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As per claim 30, it is disclosed by Asay et al that the data, when accessed, 
further causing determining, prior to the retrieving, a delegation between the 
subscriber (delegate), who requests the service from the relying party, and a 
certificate authority (delegator), wherein the digital credential information of the 
certificate authority (delegator) corresponds to the certificate (credential) 
information required for the service requested by the subscriber (delegate)(col. 5, 
lines 1-28). 

Conclusion 

3. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Christopher A. Revak whose telephone 
number is 571-272-3794. The examiner can normally be reached on Monday- 
Friday, 6:30am-3:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 



Christopher Revak 
Primary Examiner 
AU2131 
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